xmake-templates

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly states that templates are loaded from third-party xmake-repo and any globally-registered repo (e.g., /templates on GitHub via xrepo/add-repo and xmake-repo), and xmake create copies and substitutes file contents from those templates—i.e., the agent ingests untrusted, public repository files as part of its workflow which can alter subsequent behavior.